{ inputs, pkgs, lib, config, ... }:
let
  inherit (config.services) croc;
in
{
networking.nftables.ruleset = ''
  table inet filter {
    chain input-net {
      tcp dport {${lib.concatMapStringsSep "," toString croc.ports}} counter accept comment "croc"
    }
  }
'';
services.croc = {
  enable = true;
  pass = builtins.readFile (inputs.secrets + "/croc/pass");
  #debug = true;
};
}